German University Says Severe Software Vulnerabilities Up in 2015

By Dian Schaffhauser

01/14/16

A German institution that maintains an online database of software vulnerabilities found that the count for "serious" ones increased in 2015. According to Hasso Plattner Institute, while fewer software security vulnerabilities were reported worldwide in 2015 than in 2014, the number of published vulnerabilities with a high level of severity increased. The university, located in Potsdam, concentrates on IT systems engineering.

Researchers tallied about 5,700 vulnerabilities throughout the year in HPI-VDB (the database for vulnerability analysis), compared to about 7,200 in 2014. However, while 2014 had about 1,800 weaknesses identified as "high severity," 2015 had about 2,000. Even so, that's still considerably down from 2008, when the database recorded a high of nearly 3,500 security flaws in software. Those assessed as medium severity dropped considerably from 2014 to 2015, while low severity vulnerabilities stayed nearly level.

The project, maintained by the IT Security Engineering Team at HPI, found that 7,000 new software products and 400 new development companies showed up in its database. The entire database stores more than 73,100 pieces of information on vulnerabilities, affecting 180,000 programs from 15,500 different software makers.